summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth.c16
-rw-r--r--source3/auth/auth_compat.c45
-rw-r--r--source3/auth/auth_ntlmssp.c4
-rw-r--r--source3/auth/auth_util.c19
-rw-r--r--source3/auth/proto.h16
-rw-r--r--source3/auth/user_info.c5
6 files changed, 86 insertions, 19 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index dbe337faa8..0f661a953f 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -19,7 +19,7 @@
#include "includes.h"
#include "auth.h"
-#include "smbd/globals.h"
+#include "../lib/tsocket/tsocket.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -284,11 +284,19 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
if (NT_STATUS_IS_OK(nt_status)) {
unix_username = (*server_info)->unix_name;
if (!(*server_info)->guest) {
+ char *rhost;
+ int rc;
+
+ rhost = tsocket_address_inet_addr_string(user_info->remote_host,
+ talloc_tos());
+ if (rhost == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
/* We might not be root if we are an RPC call */
become_root();
- nt_status = smb_pam_accountcheck(
- unix_username,
- smbd_server_conn->client_id.name);
+ nt_status = smb_pam_accountcheck(unix_username,
+ rhost);
unbecome_root();
if (NT_STATUS_IS_OK(nt_status)) {
diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c
index 0ae712a517..e7225a2756 100644
--- a/source3/auth/auth_compat.c
+++ b/source3/auth/auth_compat.c
@@ -19,6 +19,7 @@
#include "includes.h"
#include "auth.h"
+#include "../lib/tsocket/tsocket.h"
extern struct auth_context *negprot_global_auth_context;
extern bool global_encrypted_passwords_negotiated;
@@ -36,6 +37,7 @@ return True if the password is correct, False otherwise
****************************************************************************/
NTSTATUS check_plaintext_password(const char *smb_name,
+ const struct tsocket_address *remote_address,
DATA_BLOB plaintext_blob,
struct auth_serversupplied_info **server_info)
{
@@ -54,7 +56,9 @@ NTSTATUS check_plaintext_password(const char *smb_name,
chal);
if (!make_user_info_for_reply(&user_info,
- smb_name, lp_workgroup(), chal,
+ smb_name, lp_workgroup(),
+ remote_address,
+ chal,
plaintext_blob)) {
return NT_STATUS_NO_MEMORY;
}
@@ -70,6 +74,7 @@ NTSTATUS check_plaintext_password(const char *smb_name,
static NTSTATUS pass_check_smb(struct auth_context *actx,
const char *smb_name,
const char *domain,
+ const struct tsocket_address *remote_address,
DATA_BLOB lm_pwd,
DATA_BLOB nt_pwd)
@@ -82,6 +87,7 @@ static NTSTATUS pass_check_smb(struct auth_context *actx,
}
make_user_info_for_reply_enc(&user_info, smb_name,
domain,
+ remote_address,
lm_pwd,
nt_pwd);
nt_status = actx->check_ntlm_password(actx, user_info, &server_info);
@@ -97,7 +103,9 @@ return True if the password is correct, False otherwise
bool password_ok(struct auth_context *actx, bool global_encrypted,
const char *session_workgroup,
- const char *smb_name, DATA_BLOB password_blob)
+ const char *smb_name,
+ const struct tsocket_address *remote_address,
+ DATA_BLOB password_blob)
{
DATA_BLOB null_password = data_blob_null;
@@ -110,24 +118,47 @@ bool password_ok(struct auth_context *actx, bool global_encrypted,
* Vista sends NTLMv2 here - we need to try the client given workgroup.
*/
if (session_workgroup) {
- if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, null_password, password_blob))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(actx,
+ smb_name,
+ session_workgroup,
+ remote_address,
+ null_password,
+ password_blob))) {
return True;
}
- if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, password_blob, null_password))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(actx,
+ smb_name,
+ session_workgroup,
+ remote_address,
+ password_blob,
+ null_password))) {
return True;
}
}
- if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), null_password, password_blob))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(actx,
+ smb_name,
+ lp_workgroup(),
+ remote_address,
+ null_password,
+ password_blob))) {
return True;
}
- if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), password_blob, null_password))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(actx,
+ smb_name,
+ lp_workgroup(),
+ remote_address,
+ password_blob,
+ null_password))) {
return True;
}
} else {
struct auth_serversupplied_info *server_info = NULL;
- NTSTATUS nt_status = check_plaintext_password(smb_name, password_blob, &server_info);
+ NTSTATUS nt_status = check_plaintext_password(smb_name,
+ remote_address,
+ password_blob,
+ &server_info);
TALLOC_FREE(server_info);
if (NT_STATUS_IS_OK(nt_status)) {
return True;
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 54f7e6d5fc..2d1aef18f0 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -25,7 +25,6 @@
#include "../libcli/auth/ntlmssp.h"
#include "ntlmssp_wrap.h"
#include "../librpc/gen_ndr/netlogon.h"
-#include "smbd/smbd.h"
#include "../lib/tsocket/tsocket.h"
NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
@@ -122,10 +121,11 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
lp_load(get_dyn_CONFIGFILE(), false, false, true, true);
- nt_status = make_user_info_map(&user_info,
+ nt_status = make_user_info_map(&user_info,
auth_ntlmssp_state->ntlmssp_state->user,
auth_ntlmssp_state->ntlmssp_state->domain,
auth_ntlmssp_state->ntlmssp_state->client.netbios_name,
+ auth_ntlmssp_state->remote_address,
auth_ntlmssp_state->ntlmssp_state->lm_resp.data ? &auth_ntlmssp_state->ntlmssp_state->lm_resp : NULL,
auth_ntlmssp_state->ntlmssp_state->nt_resp.data ? &auth_ntlmssp_state->ntlmssp_state->nt_resp : NULL,
NULL, NULL, NULL,
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 64c290eb04..dd126929e9 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -89,6 +89,7 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
DATA_BLOB *lm_pwd,
DATA_BLOB *nt_pwd,
const struct samr_Password *lm_interactive_pwd,
@@ -137,7 +138,7 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
result = make_user_info(user_info, smb_name, internal_username,
client_domain, domain, workstation_name,
- lm_pwd, nt_pwd,
+ remote_address, lm_pwd, nt_pwd,
lm_interactive_pwd, nt_interactive_pwd,
plaintext, password_state);
if (NT_STATUS_IS_OK(result)) {
@@ -158,6 +159,7 @@ bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
uint32 logon_parameters,
const uchar *lm_network_pwd,
int lm_pwd_len,
@@ -172,6 +174,7 @@ bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
status = make_user_info_map(user_info,
smb_name, client_domain,
workstation_name,
+ remote_address,
lm_pwd_len ? &lm_blob : NULL,
nt_pwd_len ? &nt_blob : NULL,
NULL, NULL, NULL,
@@ -196,6 +199,7 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
uint32 logon_parameters,
const uchar chal[8],
const uchar lm_interactive_pwd[16],
@@ -271,6 +275,7 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
nt_status = make_user_info_map(
user_info,
smb_name, client_domain, workstation_name,
+ remote_address,
lm_interactive_pwd ? &local_lm_blob : NULL,
nt_interactive_pwd ? &local_nt_blob : NULL,
lm_interactive_pwd ? &lm_pwd : NULL,
@@ -296,6 +301,7 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
+ const struct tsocket_address *remote_address,
const uint8 chal[8],
DATA_BLOB plaintext_password)
{
@@ -342,6 +348,7 @@ bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
ret = make_user_info_map(
user_info, smb_name, client_domain,
get_remote_machine_name(),
+ remote_address,
local_lm_blob.data ? &local_lm_blob : NULL,
local_nt_blob.data ? &local_nt_blob : NULL,
NULL, NULL,
@@ -363,12 +370,14 @@ bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
const char *smb_name,
- const char *client_domain,
+ const char *client_domain,
+ const struct tsocket_address *remote_address,
DATA_BLOB lm_resp, DATA_BLOB nt_resp)
{
return make_user_info_map(user_info, smb_name,
client_domain,
- get_remote_machine_name(),
+ get_remote_machine_name(),
+ remote_address,
lm_resp.data && (lm_resp.length > 0) ? &lm_resp : NULL,
nt_resp.data && (nt_resp.length > 0) ? &nt_resp : NULL,
NULL, NULL, NULL,
@@ -379,7 +388,8 @@ NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
Create a guest user_info blob, for anonymous authenticaion.
****************************************************************************/
-bool make_user_info_guest(struct auth_usersupplied_info **user_info)
+bool make_user_info_guest(const struct tsocket_address *remote_address,
+ struct auth_usersupplied_info **user_info)
{
NTSTATUS nt_status;
@@ -387,6 +397,7 @@ bool make_user_info_guest(struct auth_usersupplied_info **user_info)
"","",
"","",
"",
+ remote_address,
NULL, NULL,
NULL, NULL,
NULL,
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index a4330155d1..2839793472 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -51,11 +51,14 @@ NTSTATUS auth_builtin_init(void);
/* The following definitions come from auth/auth_compat.c */
NTSTATUS check_plaintext_password(const char *smb_name,
+ const struct tsocket_address *remote_address,
DATA_BLOB plaintext_password,
struct auth_serversupplied_info **server_info);
bool password_ok(struct auth_context *actx, bool global_encrypted,
const char *session_workgroup,
- const char *smb_name, DATA_BLOB password_blob);
+ const char *smb_name,
+ const struct tsocket_address *remote_address,
+ DATA_BLOB password_blob);
/* The following definitions come from auth/auth_domain.c */
@@ -94,11 +97,13 @@ NTSTATUS auth_server_init(void);
NTSTATUS auth_unix_init(void);
/* The following definitions come from auth/auth_util.c */
+struct tsocket_address;
NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
DATA_BLOB *lm_pwd,
DATA_BLOB *nt_pwd,
const struct samr_Password *lm_interactive_pwd,
@@ -109,6 +114,7 @@ bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
uint32 logon_parameters,
const uchar *lm_network_pwd,
int lm_pwd_len,
@@ -118,6 +124,7 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
uint32 logon_parameters,
const uchar chal[8],
const uchar lm_interactive_pwd[16],
@@ -126,13 +133,17 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
+ const struct tsocket_address *remote_address,
const uint8 chal[8],
DATA_BLOB plaintext_password);
NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
+ const struct tsocket_address *remote_address,
DATA_BLOB lm_resp, DATA_BLOB nt_resp);
-bool make_user_info_guest(struct auth_usersupplied_info **user_info) ;
+bool make_user_info_guest(const struct tsocket_address *remote_address,
+ struct auth_usersupplied_info **user_info);
+
struct samu;
NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
struct samu *sampass);
@@ -192,6 +203,7 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,
const char *client_domain,
const char *domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
const DATA_BLOB *lm_pwd,
const DATA_BLOB *nt_pwd,
const struct samr_Password *lm_interactive_pwd,
diff --git a/source3/auth/user_info.c b/source3/auth/user_info.c
index 606381b0e3..6b9841220f 100644
--- a/source3/auth/user_info.c
+++ b/source3/auth/user_info.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "auth.h"
#include "librpc/gen_ndr/samr.h"
+#include "../lib/tsocket/tsocket.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -46,6 +47,7 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,
const char *client_domain,
const char *domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
const DATA_BLOB *lm_pwd,
const DATA_BLOB *nt_pwd,
const struct samr_Password *lm_interactive_pwd,
@@ -84,6 +86,9 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,
user_info->workstation_name = talloc_strdup(user_info, workstation_name);
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info->workstation_name, user_info);
+ user_info->remote_host = tsocket_address_copy(remote_address, user_info);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info->remote_host, user_info);
+
DEBUG(5,("making blobs for %s's user_info struct\n", internal_username));
if (lm_pwd && lm_pwd->data) {